| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 May 2010 22:07:25 +0200 From: L4teral <l4teral@...il.com> To: bugtraq@...urityfocus.com Subject: Linux Mint 8 mintUpdate Insecure Temporary File Creation ====================================================================== Linux Mint 8 mintUpdate Insecure Temporary File Creation ====================================================================== Author: L4teral <l4teral [at] gmail com> Impact: Privilege Escalation Status: Update available ------------------------------ Affected software description: ------------------------------ Application: mintUpdate (Linux Mint) Version: Linux Mint 8 Vendor: http://linuxmint.com Description: Linux Mint's purpose is to produce an elegant, up to date and comfortable GNU/Linux desktop distribution. -------------- Vulnerability: -------------- The Linux Mint update tool mintUpdate creates temporary files in the /tmp/mintUpdate/ directory in an insecure way. This can be exploited to overwrite restricted files via symlink attacks. ------------ PoC/Exploit: ------------ The symlinks must exist when the user clicks on the mintUpdate Icon. After requesting root privileges via sudo, the update tool overwrites the target file with log data. This could be exploited to destroy crucial system files. --------- Solution: --------- Update to Linux Mint 9 or apply the following patch: http://github.com/linuxmint/mintupdate/commit/301993906c694eb119cd9614817de57e7b0c874c --------- Timeline: --------- 2010-03-08 - vendor informed 2010-03-17 - vendor response, patched in source repository 2010-05-18 - Linux Mint 9 released, public disclosure
Powered by blists - more mailing lists